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No. 60/163,000 filed November 1, 1999, entitled "Method and System of Remote 
Operator Interface for a Self-Service Financial Terminal (Remote Operator 
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This application claims priority to co-pending US Provisional Application 
Serial No. 60/162,816 filed November 1, 1999, entitled "Method And System For 
Coordinating Session Activities At A Self-Service Financial Transaction Terminal 
(ATM Session Manager)," and is incorporated herein by reference. 
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Services On A Self-Service Financial Transaction Terminal," and is incorporated 
25 herein by reference. 
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Software On A Self-Service Financial Transaction Terminal From A Remote 
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Unattended Installation Of Software On A Self-Service Financial Transaction 
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5 This application relates to Attorney Docket No . CITI20 1 /T009 1 - 1 9 5422, 

filed simultaneously, entitled "Method And System For Coordinating Session 
Activities At A Self-Service Financial Transaction Terminal," and is incorporated 
herein by reference. 

This application relates to Attorney Docket No. CITI0203/T0091 -195578, 
1 0 filed simultaneously, entitled "Method And System For Configuration Of Self- 
Service Financial Transaction Terminals For A Common Software Release," and 
is incorporated herein by reference. 

This application relates to US Provisional Application No. 60/162,673, 
filed November 1 , 1999, entitled "Method And System For Secure 
1 5 Communication Between A Self-Service Transaction Terminal And A Remote 
Operator Interface (Remote Operator Interface Security)," and is incorporated 
herein by reference. 

This application relates to US Provisional Application No. 60/162,994, 
filed November 1 , 1 999, entitled "Method And System For Extensions For 
20 Financial Services Service Provider Framework For A Self-Service Transaction 
Terminal (XFS Service Provider Framework)," and is incorporated herein by 
reference. 

This application relates to US Provisional Application No. 60/163,002, filed 
November 1, 1999, entitled "Method And System For Installing And/Or Upgrading 
25 Software On A Self-Service Financial Transaction Terminal From A Remote 

Computer (Remote Installation/Software Upgrade)," and is incorporated herein by 
reference. 

This application relates to US Provisional Application No. 60/162,815, 
filed November 1 , 1999, entitled "Method And System For Simultaneous And 
30 Unattended Installation Of Software On A Self-Service Financial Transaction 
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Terminal (Global Installation Framework)," and is incorporated herein by 
reference. 

This application relates to US Provisional Application No. 60/162,672, 
filed November 1 , 1 999, entitled "Method And System For Configuration Of 
5 Self-Service Financial Terminals For A Common Software Release (Framework 
For Configuration Of Self-Service Financial Terminals)," and is incorporated 
herein by reference. 

COPYRIGHT NOTIFICATION 

A portion of the disclosure of this patent document and its figures contain 
10 material that is subject to copyright protection. The copyright owner has no 

objection to the facsimile reproduction by anyone of the patent document or the 
patent disclosure, as it appears in the Patent and Trademark Office patent files or 
records, but otherwise reserves all copyrights whatsoever. 

BACKGROUND OF THE INVENTION 

15 1 . Fi eld of the Invention 

This invention relates generally to the field of self-service financial 
transaction terminals, such as automatic teller machines (ATMs), and more 
particularly to a method and system for remote operator interface with a self-service 
financial terminal, such as an ATM. 

20 

2. Background of the Invention 

ATMs include computer applications or software running on computer 
hardware within the ATM which, for example, interfaces with a host computer and 
other remote computers connected to the ATM over a network. On ATM systems 
25 that a financial institution, such as a bank, develops and that are used in branches or 
other locations, there are a set of functions that are used by supervisors and operators 
in the branch. These operator and supervisor functions are outside of the customer 
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applications and need to be performed on a routine basis to maintain the service to 
administer those ATMs. 

Currently, a way that the financial institution addresses that problem is to 
have a text based terminal that is connected over a serial line to the ATM platform 
5 developed by the financial institution. However, for a global ATM system, as the 
financial institution moves into a more off-the-shelf type of environment, for 
example, where hardware is purchased from different ATM vendors, that solution 
does not work for all vendor platforms. Further, the text based terminals are not a 
viable solution, because the technology is out of date and the cost of those terminals 
10 is also relatively high. Therefore, there is a need for an alternative to support the use 
of the operator functions for maintaining and servicing the ATMs, which is also a 
platform independent solution. 

SUMMARY OF THE INVENTION 

15 It is a feature and advantage of the present invention to provide a method and 

system for remote operator access with a self-service financial terminal, such as an 
ATM, that enables a user to access the ATM over a standard browser from a personal 
computer (PC). 

It is another feature and advantage of the present invention to provide a 
20 method and system for remote operator access with a self-service financial terminal 
that eliminates the need for a customized, highly technology dependent, specific type 
of device, such as a text based terminal. 

It is an additional feature and advantage of the present invention to provide a 
method and system for remote operator access with a self-service financial terminal 
25 utilizing a client-server architecture. 

It is a further feature and advantage of the present invention to provide a 
method and system for remote operator interface with a self-service financial 
terminal which supports a plurality of supervisor type functions. 

It is still another feature and advantage of the present invention to provide a 
30 method and system for remote operator interface for a self-service financial terminal 
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that leverages Internet technology and makes the remote operator interface 
application very flexible and very easy to use. 

It is still an additional feature and advantage of the present invention to 
provide a method and system for remote operator interface for a self-service financial 
5 terminal that allows the user to administer a plurality of ATMs. 

To achieve the stated and other features, advantages and objects, the method 
and system for an embodiment of the present invention makes use of a set of web 
based applications for the operator functions to enable the operator to access the 
operator functions over a standard browser from a PC. An embodiment of the 

10 present invention makes use of a system component referred to as a remote operator 
interface PC. Each ATM with which the remote operator interface is used has a set 
of web based applications installed on it that supports the operator functions. 

In an embodiment of the present invention, an operator accesses the ATM 
from the client PC by bringing up the browser and typing in, for example, a uniform 

1 5 resource locator (URL) to point to the specific ATM. The remote operator interface 
supports a plurality of functions including, for example, supervisory functions, and 
enables the user to administer a plurality of ATMs, for which it is configured, to 
allow the particular functions to be performed. Communication via the remote 
operator interface is secure over a private network or virtual private network (VPN) 

20 over the Internet. An operator must be authenticated to gain access, and the 
operator's entitlements may limit access. 

In an embodiment of the present invention, the remote operator is allowed to 
access a self-service financial terminal, such as the ATM, via the browser application 
of a computing device, such as a personal computer, personal digital assistant (PDA), 

25 web-enabled wired or wireless telephone device, as well as a consumer device, such 
as a Web-TV, or a text-based terminal, such as a VT-100, coupled to the ATM over a 
network. The ATM is provided with one or more web server applications having a 
URL address. The remote operator accesses the ATM by entering the URL address 
for a web server application of the ATM, and the ATM and personal computer 

30 mutually authenticate one another. After mutual authentication, the remote operator 
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interface is started, and a logon screen is displayed for the operator at the personal 
computer. 

In response to a prompt, the remote operator enters a user identification on 
the logon screen, such as a user ID and/or a password, which corresponds to a 
5 particular user entitlement. In addition, when the remote operator session is started, 
the operator is prompted for selection of a preferred language for the session. The 
user identification is verified, and if the entered user identification is valid, a main 
menu of ATM operator functions is displayed for the remote operator, which 
corresponds to the particular user entitlement associated with the user identification. 

1 0 Depending on the user entitlement for the remote operator, the ATM operator 

functions displayed on the main menu includes one or more functions selected from a 
group of operator functions consisting of a reboot function, a stop function, stop 
immediately function, a start function, a configure function, a view configuration 
function, a view software release information function, a view status function, a view 

1 5 integrated network controller and host connection status function, a start peruse 

function, a view event logs function, a view event logs in real-time function, a write 
event logs to file function, a start back administration function, a start command shell 
function, and an initialize personal identification number encryption keys function. 
From the main menu displayed for the remote operator, the operator enters a 

20 selection of at least one of the ATM operator functions according to the 

predetermined user entitlement corresponding to the user identification. The remote 
operator is then allowed to access an application for the selected ATM terminal 
operator function. The selected application that is brought up likewise corresponds 
to the predetermined user entitlement associated with the user identification entered 

25 by the remote operator. 

Likewise, the application that the remote operator is allowed to access 
includes one or more functions selected from a group of operator functions 
consisting of a reboot function, a stop function, stop immediately function, a start 
function, a configure function, a view configuration function, a view software release 

30 information function, a view status function, a view integrated network controller 
and host connection status function, a start peruse function, a view event logs 
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function, a view event logs in real-time function, a write event logs to file function, a 
start back administration function, a start command shell function, and an initialize 
personal identification number encryption keys function. 

The remote operator is allowed to perform one or more tasks associated with 
5 the accessed function, and the remote operator can end the session by selecting an 
exit button displayed on the main menu. A feature of the remote operator interface 
for an embodiment of the present invention restricts operator interface with the ATM 
to a single operator interface at any one time. Thus, the remote operator interface 
cannot be used while another operator interface session of any type is in process, and 

1 0 another operator interface session of any type cannot be performed while the remote 
operator interface is in process. 

Additional objects, advantages, and novel features of the invention will be set 
forth in part in the description which follows, and in part will become more apparent 
to those skilled in the art upon examination of the following, or may be learned by 

1 5 practice of the invention. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 illustrates an example overview of key components and the flow of 
information between the key components of the remote operator interface for an 
20 embodiment of the present invention; 

Fig. 2 is a flow chart which illustrates an example of the process of using the 
remote interface for an embodiment of the present invention, including starting and 
ending remote operator interface sessions; 

Fig. 3 is a table which shows examples of the operator functions supported 
25 through remote operator interface for an embodiment of the present invention; 

Fig. 4 is a table which shows examples of operator functions that are 
accessible through the remote operator interface for an embodiment of the present 
invention and also indicates examples of functions available locally at the ATM via a 
local operator interface or at the integrated network controller (INC); 
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Fig 5 is a flow chart which illustrates an example of the use of entitlements 
for an embodiment of the present invention; and 

Fig. 6 is a table which illustrates examples of the default language and 
additional languages available for language selection for an embodiment of the 
5 present invention. 



DETAILED DESCRIPTION 

Referring now in detail to an embodiment of the present invention, an 
example of which is illustrated in the accompanying drawings, Fig. 1 illustrates an 

10 example overview of key components and the flow of information between the key 
components of the remote operator interface for an embodiment of the present 
invention. Referring to Fig. 1, the remote operator interface for an embodiment of 
the present invention makes use, for example, of a personal computer (PC) 10 having 
a web browser 12 and coupled over a network 14 to one or more automatic teller 

15 machines (ATMs) 16. 

On a typical NT ATM system, supervisors and branch staff rely on a suite of 
'operator functions' to service and administer the machines. Operators access the 
operator functions on a text terminal, which is connected to an NT ATM system 
through a serial line. For a global ATM product, the need for the operator functions 

20 still exists. However, using the operator functions on a text terminal is no longer a 
viable solution. The remote operator interface for an embodiment of the present 
invention provides a solution for using operator functions on global ATM systems by 
resolving a number of issues. 

Such issues include, for example, that the text terminal is an outdated product 

25 for which it is increasingly difficult to purchase new units and is expensive to 
maintain. In addition, serial port connection may not be available on all ATM 
platforms, and in order to have a vendor independent global ATM product, the 
solution cannot depend on availability of a serial port connection. Further, although 
operator functions can be used at the front screen of the ATM, that is often not the 

30 preferred arrangement. For example, it is inconvenient to use the back 
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administration function at the front screen, and performing operator functions at the 
front screen can tie up an ATM which customers may be waiting to use. 

The solution offered by the remote operator interface for an embodiment of 
the present invention makes the operator functions accessible from the remote 
5 operator interface client PC 10 over a TCI/IP network 14. Stated simply, the remote 
operator interface for an embodiment of the present invention makes use of PC and 
network technology to replace the legacy text terminal and serial line connection. 
Moreover, the operator functions for global ATMs are a set of Web based 
applications that are accessible from the remote operator interface client PC 10 

1 0 through the use of the Web browser 12. 

The method and system for an embodiment of the present invention makes 
use of a set of web based applications for the operator functions, such that an 
operator 18 is able to simply access those operator or supervisor functions over a 
standard browser 12 from the (PC) 10, which is referred to as a remote operator 

1 5 interface client PC. An embodiment of the present invention totally eliminates the 
need for any kind of customized, highly technology dependent, specific type of 
device, such as a text based terminal. 

As PCs have become so widely used and Internet web based technology has 
become such a standard, the remote operator interface for an embodiment of the 

20 present invention that is based on web technology provides an ideal solution. An 

embodiment of the present invention utilizes the system component referred to as the 
remote operator interface client PC 10 for each ATM 16. Each ATM 16 with which 
the remote operator interface is used is provided with a set of web based applications 
installed on it that supports the operator functions. Thus, in terms of the 

25 configuration, an embodiment of the present invention makes use of a client- server 
based architecture. 

In an embodiment of the present invention, the client is the PC 10 from which 
an operator accesses the ATM 16 by bringing up the browser 12 and typing in a 
uniform resource locator (URL) to point to a specific one of the ATMs 1 6. On the 
30 server side, the ATM 1 6 has a web server which runs, for this example, the Microsoft 
Internet Information Server (IS). The access from the PC 10 simply goes through 
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this standard web application, and the operator 1 8 is able to bring up this application 
and then log into the particular one of the ATMs 16 on which the operator 1 8 wants 
to perform certain types of functions. The operator 1 8 then initiates those functions. 
Aspects of an embodiment of the present invention address, for example, the 
5 system requirements for remote operator interface, the procedure to use remote 
operator interface, and the operator functions supported through remote operator 
interface. The system requirements include, for example, hardware, software, and 
network connectivity. An embodiment of the present invention utilizes at least one 
remote operator interface client PC 10 for the remote operator interface on global 

10 ATM systems. Examples of suitable minimum hardware requirements for PC 10 
include an Intel Pentium class central processing unit (CPU), 64 MB RAM, support 
screen resolution of 800x600x256 colors, and an ethernet card. 

In addition, in order to print transaction log information from peruse, the PC 
10 should also have, for example, a Windows NT compatible printer connected to it. 

1 5 There are no additional hardware requirements for the global ATM systems on which 
the remote operator interface is used to service and administer the ATMs 16. The 
remote operator interface for an embodiment of the present invention functions the 
same way regardless of whether the ATMs 16 are from different vendors, are front- 
loading or rear-loading type, or are installed in through-the-wall configuration or in a 

20 branch lobby. 

Software requirements for an embodiment of the present invention include 
vendor software, such as Microsoft Windows NT 4.0, Microsoft Internet Explorer 
4.01 or above, and IRE SafeNet/Soft-PK (for secure end-to-end communication) 
installed on the remote operator interface client PC 10. Note that the requirement for 

25 the Internet Explorer applies to a particular release for the remote operator interface, 
and other releases of the remote operator interface can support any suitable browser, 
such as Microsoft and Netscape browsers. The operator functions accessed through 
the remote operator interface are integrated into the global ATM product. Therefore, 
all software required for the remote operator interface on the global ATM system, 

30 such as the IRE SafeNet/Soft-PK, are installed on the ATM 10 during global ATM 
installation. 
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Fig. 2 is a flow chart which illustrates an example of the process of using the 
remote interface for an embodiment of the present invention, including starting and 
ending remote operator interface sessions. The client PC 10 can be used to start a 
remote operator interface session on any global ATM machine 16 configured to be 
5 used with the PC 10. Referring to Fig.2, at SI, the operator 1 8 starts the Web 

browser 12 on the client PC 10. The operator 18 enters the URL of the global ATM 
system 16 on which the remote operator interface session is to be used. The URL is 
entered, for example, as "http://NodeName/oi", where "NodeName" is the name of 
the global ATM system 16. 

1 0 Referring further to Fig. 2, at S2, the global ATM 1 6 and the client PC 1 0 

mutually authenticate one another. At S3, after mutual authentication, the remote 
operator interface session is started, and a user sign on screen is displayed for the 
operator 18 on a new Web browser window on the client PC 10. From this point 
onward, the procedure for using the remote operator interface and local operator 

1 5 interface, for example, at the front screen of the ATM 16, is identical. At S4, the 
operator 1 8 enters a user name and password. After the operator 1 8 enters a valid 
remote operator interface user name and password, at S5, the remote operator 
interface displays its main menu, from which the operator 1 8 can make a menu 
selection at S6. 

20 Referring again to Fig. 2, at S7, the operator 1 8 can end the remote operator 

interface session by selecting the 'exit' button at the main remote operator interface 
menu. At S8, this also causes the new browser window to be closed automatically. 
Terminating a remote operator interface session by closing the browser window 
should be avoided, as it may not provide an opportunity for an operator function to 

25 complete normally. 

An aspect of an embodiment of the present invention involves designing a 
restriction into the remote operator interface by which only one operator interface 
session is allowed at any time. Therefore, if a local operator interface session is 
already started, for example, at the front display of a global ATM machine, other 

30 operators are unable to start a remote operator interface session on the same global 
ATM machine. Similarly, if a remote operator interface is already in session, other 
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operators cannot bring up either a local operator interface session or another remote 
operator interface session. Allowing only a single operator interface session, either 
local or remote, eliminates the possibility that multiple operator interface sessions 
can interfere with one another. 
5 The remote operator interface for an embodiment of the present invention 

supports a number of operator functions, such as rebooting the ATM, performing a 
stop or immediate stop of the ATM, starting the ATM, configuring the ATM or 
viewing the ATM configuration, and allowing the operator to look at what software 
releases are installed on the ATM. The remote operator interface also supports such 

10 functions as viewing the overall status of the ATM in terms of all the peripheral 

devices, such as whether they are functioning or not, and the connections to the host 
system, such as whether the connection is available or not, and/or the connection to 
the system management node, and whether that connection is available up or down. 
In addition, other operator functions supported by the remote operator 

1 5 interface for an embodiment of the present invention include, for example, looking 
specifically at the connectivity with the system management and with the host and 
providing the node address of the host. Additional operator functions supported by 
the remote operator interface also include, for example, looking at the transaction log 
which keeps a history of detailed transaction records for the activities that are 

20 performed by customers at the ATM, so that through the remote operator interface, a 
supervisor at the branch can use information in the transaction log to pinpoint 
whether a customer has performed a certain transaction in situations, for example, 
where there are disputes or where reconciliations are needed. 

Additional operator functions supported by the remote operator interface for 

25 an embodiment of the present invention include, for example, looking at the system 
event logs on the machine in terms of finding out when certain system wide events or 
device related failures occurred. Those events are logged in, and the supervisor or a 
field engineer is able to find out more detailed information about those type of 
events. Additionally, other operator functions include, for example, starting up, 

30 running administration functions to reconcile the transaction history between the 
ATM and the back-end host, and performing settlement. 
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Fig. 3 is a table which shows examples of the operator functions supported 
through remote operator interface for an embodiment of the present invention. 
Referring to Fig. 3, operator functions supported through remote operator interface 
for an embodiment of the present invention include, for example, rebooting the ATM 
5 20, stopping the ATM 22, stopping the ATM immediately 24, starting the ATM 26, 
configuring the ATM 28, viewing the ATM configuration 30, viewing software 
release information 32, viewing the ATM status 34, viewing the INC and host 
connection status 36, starting peruse 38, viewing event logs 40, viewing event logs in 
real time 42, writing event logs to file 44, starting back administration 46, starting the 

1 0 command shell 48, and initializing PIN encryption keys 50. 

Referring further to Fig. 3, the reboot operator function 20 involves, for 
example, waiting for an active customer session to complete and then performing an 
orderly shutdown of infrastructure software and NT before rebooting NT and 
restarting infrastructure and application software. The stop ATM operator function 

15 22 involves, for example, stopping the application and infrastructure software. This 
stop function 22 waits for a customer session to complete within a timeout period. 
Stop operation 22 causes the devices to be reinitialized at the XFS level (XFS defines 
a standard for application control of specialized ATM peripherals). In addition, the 
Web browser at the global ATM 1 6 is terminated and re-started. The stop operation 

20 22 affects only the application and infrastructure software, and NT is not shutdown 
or rebooted. 

Referring again to Fig. 3, the stop ATM immediately function 24 works the 
same as the stop ATM function 22 except that the stop takes effect immediately 
without waiting for a customer session to finish. The start ATM function 26 is 

25 invoked by the operator 1 8 to restart infrastructure and application software on the 
ATM 16 after using the stop function 22 or the stop immediate function 24. The 
configure ATM function 26 is used to configure or reconfigure various ATM node 
specific parameters, such as ATM TCP addresses, an integrated network controller 
(INC) node name, an INC node TCP address, business name, business address, 

30 and/or time zone. Configuration can be done either manually, or via data 

downloaded from the INC. The configure ATM function 26 also configures the 
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global ATM system 16 to recognize certain PCs, such as PC 10, as remote operator 
clients. 

Referring once more to Fig. 3, the view ATM configuration function 30 is 
used to display the ATM node specific parameters configured by the configure ATM 
5 operation 28 above. The view software release information function 32 is utilized to 
display the release level of application and infrastructure software and the build 
version of NT used in the particular ATM. However, neither file names of software 
modules nor any file attribute information is displayed by the view software 
information release information function 32. 

10 Referring still again to Fig. 3, the view ATM status function 34 for an 

embodiment of the present invention reports the ATM status, such as whether the 
ATM 16 is up or down, whether the front end connection is up or down, whether the 
ATM devices are up or down, whether the ATM 16 is in customer session or idle, 
whether the ATM safe door is open or closed, whether the ATM 1 6 is in or out of 

1 5 diagnostic session, and/or whether the ATM 1 6 is in or out of a back administration 
session. The view INC and host connection status function 36 reports the ATM 
status, such as, whether the ATM 16 is up or down, whether the ATM front end 
connection is up or down, whether the ATM devices are up or down, whether the 
ATM 16 is in a customer session or idle, whether the ATM safe door is open or 

20 closed, whether the ATM 16 is in or out of a diagnostic session, and/ or whether the 
ATM 16 is in or out of a back administration session. 

Referring still further to Fig. 3, the start peruse function 38 starts the peruse 
utility to view or search contents of the MIS transaction log. The view event logs 
function 40 enables the operator 18 to view the content of NT event logs with 

25 filtering capability. The view event logs in real-time function 42 allows the operator 
1 8 to view updates to NT event logs in real time. The write event logs to file 
function 44 writes NT event logs to file on disks. The start back administration 
function 46 starts the back administration utility to perform proofing, settlement, and 
display counters information of the ATM 16. The start command shell function 48 

30 starts a command shell which accepts and processes commands entered by the 
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operator 1 8. The initialize PIN encryption keys function 50 initializes or re- 
initializes PIN encryption keys entered by the operator 18. 

Fig. 4 is a table which shows examples of operator functions that are 
accessible through the remote operator interface for an embodiment of the present 
5 invention and also indicates examples of functions available locally at the ATM 16 
via a local operator interface or at the INC. On ATMs configured with an operator 
panel, functions, such as shutdown and starting diagnostics are provided through the 
operator panel. However, for ATMs not so configured, these functions can also be 
provided by the remote operator interface. In addition, certain functions, such as 
1 0 starting peruse 38 and viewing event logs 40 require use of a keyboard for full 
functionality. 

The overall solution provided by the remote operator interface for an 
embodiment of the present invention entails the concept of allowing an operator with 
privileges or entitlements, such as operator 18, to access an ATM 16 over the 

15 network 14. The term "remote" is used herein in the sense that the PC 10 which 
accesses the ATM 16 can be located, for example, in close proximity to the ATM 
itself, or it can be as remote as anywhere else in the world, as long as network 
connectivity allows the PC 10 to communicate with the ATM 16. That affords 
maximum flexibility and also leverages the Internet technology that makes the 

20 remote operator interface application both highly flexible and extremely easy to use. 

In addition, the remote operator interface for an embodiment of the present 
invention allows the operator 18 the ability to administer all the ATMs 16 for which 
it is configured to allow those types of functions to be performed. For example, a 
branch may have two ATMs or may have ten ATMs on it, and one remote operator 

25 interface PC 10 is required to use the remote operator interface. In other words, it is 
only a matter of pointing to different ATMs in the URL to allow the operator 1 8 to 
bring up the operator functions on a particular ATM, such as one of ATMs 16. Thus, 
one of the benefits of using web based technology for an embodiment of the present 
invention is that it affords a great deal of flexibility, as well as cost saving benefits, 

30 in terms of eliminating the need for more than one type of terminal or device on 
which the operator interface is used. 



Method And System For Remote Operator Interface With A Self-Service Financial Transaction Terminal 
15 



PATENT 

Attorney Docket No. CITI0199/T0091-1 95421 
Express Mail No EL 694906866 US 



Security for the remote operator interface for an embodiment of the present 
invention is handled primarily in a separate security configuration. The PC 1 0 on 
which the operator 1 8 runs the remote operator interface must have preconfigured 
information to allow the PC 10 to bring up the remote operator interface on a specific 
5 one of ATMs 1 6. Thus, it is not just any PC that is allowed even to connect to the 
particular ATM and access the remote operator interface function. The security 
configuration enables the remote operator interface to be flexible as well as secure, in 
terms of accessibility. 

In an embodiment of the present invention, there is no limitation as to 

1 0 whether the network 14 is private or public Internet. In an aspect of an embodiment 
of the present invention, the network architecture on which the remote operator 
interface is deployed is a private network. However, it is a Transmission Control 
Protocol/Internet Protocol (TCP/IP) communications protocol-based network, and 
there is no inherent restriction built into the remote operator interface for an 

1 5 embodiment of the present invention which restricts its usage over a public network. 
Since a particular financial institution's ATM networks are all typically within its 
corporate private networks, an embodiment of the present invention may typically be 
used over the private network. 

However, in another aspect of an embodiment of the present invention, if 

20 there is a need to tie into the public Internet, then the security configuration which is 
used enables that to be done securely over a public Internet, because essentially a 
virtual private network is created using the security configuration, which allows the 
establishment of a private tunneling between the ATM 16 and the remote operator 
interface PC 10. 

25 An aspect of the remote operator interface for an embodiment of the present 

invention includes the use of user entitlements. For example, associated with a 
remote operator interface user group is a user logon ID that gives the operator 18 
access to perform particular operations that the remote operator interface provides. 
The remote operator interface software is designed so that the operator 18 is allowed 

30 to perform only the functions that are within the operator's area of responsibility. 

The remote operator interface enforces this restriction, for example, by requiring the 
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operator 1 8 to log onto the remote operator interface using a logon ID for the 
operator's user group which reflects the functions which the operator 1 8 can perform 
and supporting user entitlements, such as the authority to perform a certain operator 
function. Thus, when the operator 1 8 successfully logs onto the system by entering 
5 his or her operator interface logon ID and password, a menu is displayed containing 
only those operations that the particular operator can perform. In addition, user 
groups and their logon IDs are set up based on specific business requirements, by 
means of a customized configuration file. 

In the remote operator interface for an embodiment of the present invention, 

1 0 user entitlement is a type of a security, as well as a functionality, which restricts a 
certain type of operator to be able to do only certain things. In other words, an 
operator, such as supervisor, can be allowed to look at the ATM transaction logs and 
shut down and reboot the ATM 18. The supervisor-operator 1 8 has certain specific 
functions that he or she is entitled to perform, and that is configured, based on the 

1 5 requirements of that business on which the remote operator interface is deployed. 

Fig 5 is a flow chart which illustrates an example of the use of entitlements 
for an embodiment of the present invention. Referring to Fig. 5, assume that the 
operator 1 8 is a supervisor who is entitled to look at the event log and wishes to do 
so. The process involves, for example, at S10, the supervisor-operator 18 first typing 
«>20 in the URL address of the ATM 16 on which he or she wants to look at the log. The 
supervisor-operator 18 enters the URL and gets a logon screen at SI 1. At SI 2, the 
supervisor-operator 1 8 then logs on with the ID of a supervisor and a password, 
which is verified at S13. At SI 4, the supervisor-operator 18 is presented with a 
menu of choices or selections to which he or she is entitled, one of which is viewing 

25 the event log. 

Continuing with the example, at SI 5, the supervisor-operator 18 makes a 
selection of viewing the event records, which brings up the actual application itself at 
S16. At S17, the supervisor-operator 18 is allowed to select transaction records, for 
example, within a certain time frame during which those transactions might have 

30 occurred. The supervisor-operator 18 can also specify in that application, i.e., the 
event log application, the type of filtering criteria, such as whether to filter, for 
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example, on certain account numbers or certain types of currencies or certain card 
numbers. The supervisor-operator 1 8 can then enter a query request and be able to 
find out whether those transactions have occurred, and if they have occurred, what 
the details are that are provided in the log. 
5 In an embodiment of the present invention, all the applications are actually 

running on the server side or the ATM side. Thus, the remote operator interface for 
an embodiment of the present invention is a web server based application. There is 
actually nothing that is running on the client or the browser side, other than simply 
the information that is displayed. That information, i.e., the connection between the 
10 browser and the server, is all secured through the IPSECurity (IPSec) security 
protocol 52. 

Since the operator functions are Web based applications, functioning of the 
remote operator interface for an embodiment of the present invention depends on the 
client PC 10 being able to 'reach' the global ATM system 16 over the TCP/IP 

1 5 network 14. In a typical branch configuration, the remote operator interface client 
PC 10 and the global ATM system 16 are likely on the same local area network 14. 
However, that is not a required network configuration. As long as the remote 
operator interface client requests can be delivered to the global ATM 1 6 over 
TCP/IP, the two systems can be far apart geographically. Therefore, there is no 

20 inherent restriction as to how far the remote operator interface client 10 can be 

separated from the global ATM 16. However, for operational convenience, the client 
PC 10 is probably best located in close proximity to the global ATM systems 16 that 
are being administered. 

Another aspect for an embodiment of the present invention provides multi- 

25 lingual support. When a remote operator interface session is started, a default 

language is assigned to the session. The default language assigned is based on the 
country in which the ATM 16 is located. Fig. 6 is a table which illustrates examples 
of the default language and additional languages available for language selection for 
an embodiment of the present invention. The default language is used to prompt the 

30 operator for the language selection, and for the caption on the exit button. If a 
particular country supports only one language, a language selection screen is not 
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displayed. For other countries, for example, English is used as the default language. 
If no other language is supported, a language selection screen is not displayed. 
Before an ATM 16 is configured, when the AcquirerCountryCode is not specified, 
the default language is English. 
5 Various preferred embodiments of the invention have been described in 

fulfillment of the various objects of the invention. It should be recognized that these 
embodiments are merely illustrative of the principles of the present invention. 
Numerous modifications and adaptations thereof will be readily apparent to those 
skilled in the art without departing from the spirit and scope of the present invention. 

10 
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What is claimed is: 

1 . A method for remote operator interface with a self-service financial 
terminal, comprising: 

allowing the remote operator to access the self-service financial 
5 terminal via a browser application of a computing device; 

receiving the remote operator's entry of a user identification; 
displaying a menu of self-service financial terminal operator functions 
for the remote operator; 

receiving the remote operator's selection of at least one of the self- 
10 service financial terminal operator functions; and 

allowing the remote operator to access an application for the selected 
self-service financial terminal operator function. 

2. The method of claim 1, wherein allowing the remote operator to 
access the terminal further comprises allowing the remote operator to access the self- 

1 5 service financial terminal via the browser application of the computing device 
coupled to the self-service financial terminal. 

3. The method of claim 2, wherein allowing the remote operator to 
access the terminal further comprises allowing the remote operator to access the self- 
service financial terminal via the browser application of the computing device 

20 coupled to the self-service financial terminal over a network. 

4. The method of claim 1 , wherein allowing the remote operator to 
access the terminal further comprises allowing the remote operator to access the 
terminal via the browser application of a personal computing device. 

5. The method of claim 4, wherein allowing the remote operator to 

25 access the terminal further comprises receiving the remote operator's entry of a URL 
address for the terminal by the browser application of the personal computing device. 

6. The method of claim 5, wherein allowing the remote operator to 
access the terminal further comprises receiving the remote operator's entry of the 
URL address for a web server application of the terminal by the browser application 

30 of the personal computing device. 
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7. The method of claim 1 , wherein allowing the remote operator to 
access the terminal further comprises mutually authenticating the terminal and 
computing device with one another. 

8. The method of claim 1 , wherein receiving the entry of the user 

5 identification further comprises receiving the remote operator's entry on a logon 
screen displayed at the computing device. 

9. The method of claim 1 , wherein receiving the entry of the user 
identification further comprises receiving the remote operator's entry of the user 
identification corresponding to a user entitlement. 

10 10. The method of claim 9, wherein receiving the entry of the user 

identification further comprises receiving the remote operator's entry of at least one 
of a user ID and a password associated with the user entitlement. 

1 1 . The method of claim 1 , wherein receiving the entry of the user 
identification further comprises prompting the remote operator for selection of a 

15 preferred language. 

12. The method of claim 1 , wherein receiving the entry of the user 
identification further comprises verifying the user identification. 

1 3 . The method of claim 1 , wherein displaying the menu further 
comprises displaying the menu of terminal operator functions according to a 

20 predetermined user entitlement corresponding to the user identification. 

14. The method of claim 1, wherein displaying the menu further 
comprises displaying the menu of terminal operator functions selected from a group 
of operator functions consisting of a reboot function, a stop function, stop 
immediately function, a start function, a configure function, a view configuration 

25 function, a view software release information function, a view status function, a view 
integrated network controller and host connection status function, a start peruse 
function, a view event logs function, a view event logs in real-time function, a write 
event logs to file function, a start back administration function, a start command shell 
function, and an initialize personal identification number encryption keys function. 
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1 5. The method of claim 1 , wherein receiving the remote operator's 
selection further comprises receiving the selection according to a predetermined user 
entitlement corresponding to the user identification. 

16. The method of claim 1, wherein allowing the remote operator to 

5 access the application for the selected function further comprises allowing the remote 
operator to access the application for the selected function according to a 
predetermined user entitlement corresponding to the user identification. 

17. The method of claim 1, wherein allowing the remote operator to 
access the application for the selected function further comprises allowing the remote 

10 operator to access the application for the selected function selected from a group of 
operator functions consisting of a reboot function, a stop function, stop immediately 
function, a start function, a configure function, a view configuration function, a view 
software release information function, a view status function, a view integrated 
network controller and host connection status function, a start peruse function, a 

1 5 view event logs function, a view event logs in real-time function, a write event logs 
to file function, a start back administration function, a start command shell function, 
and an initialize personal identification number encryption keys function. 

18. A system for providing remote operator interface with a self-service 
financial terminal, comprising: 

20 means for allowing the remote operator to access the self-service 

financial terminal via a browser application of a computing device; 

means for receiving the remote operator's entry of a user 

identification; 

means for displaying a menu of self-service financial terminal 
25 operator functions for the remote operator; 

means for receiving the remote operator's selection of at least one of 
the self-service financial terminal operator functions; and 

means for allowing the remote operator to access an application for 
the selected self-service financial terminal operator function. 
30 19. The system of claim 1 8, wherein the means for allowing the remote 

operator to access the terminal further comprises means for allowing the remote 
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operator to access the self-service financial terminal via the browser application of 
the computing device coupled to the self-service financial terminal. 

20. The system of claim 19, wherein the means for allowing the remote 
operator to access the terminal further comprises means for allowing the remote 

5 operator to access the self-service financial terminal via the browser application of 
the computing device coupled to the self-service financial terminal over a network. 

21. The system of claim 1 8, wherein the means for allowing the remote 
operator to access the terminal further comprises means for allowing the remote 
operator to access the terminal via the browser application of a personal computing 

1 0 device. 

22. The system of claim 21, wherein the means for allowing the remote 
operator to access the terminal further comprises means for receiving the remote 
operator's entry of a URL address for the terminal by the browser application of the 
personal computing device. 

15 23 • The system of claim 22, wherein the means for allowing the remote 

operator to access the terminal further comprises means for receiving the remote 
operator's entry of the URL address for a web server application of the terminal by 
the browser application of the personal computing device. 

24. The system of claim 1 8, wherein the means for allowing the remote 
20 operator to access the terminal further comprises means for mutually authenticating 

the terminal and computing device with one another. 

25. The system of claim 18, wherein the means for receiving the entry of 
the user identification further comprises means for receiving the remote operator's 
entry on a logon screen displayed at the computing device. 

25 26 - The system of claim 1 8, wherein the means for receiving the entry of 

the user identification further comprises means for receiving the remote operator's 
entry of the user identification corresponding to a user entitlement. 

27. The system of claim 26, wherein the means for receiving the entry of 
the user identification further comprises means for receiving the remote operator's 

3 0 entry of at least one of a user ID and a password associated with the user entitlement. 
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28. The system of claim 18, wherein the means for receiving the entry of 
the user identification further comprises means for prompting the remote operator for 
selection of a preferred language. 

29. The system of claim 1 8, wherein the means for receiving the entry of 
5 the user identification further comprises verifying the user identification. 

30. The system of claim 18, wherein the means for displaying the menu 
further comprises means for displaying the menu of terminal operator functions 
according to a predetermined user entitlement corresponding to the user 
identification. 

10 31. The system of claim 1 8, wherein the means for displaying the menu 

further comprises means for displaying the menu of terminal operator functions 
selected from a group of operator functions consisting of a reboot function, a stop 
function, stop immediately function, a start function, a configure function, a view 
configuration function, a view software release information function, a view status 

15 function, a view integrated network controller and host connection status function, a 
start peruse function, a view event logs function, a view event logs in real-time 
function, a write event logs to file function, a start back administration function, a 
start command shell function, and an initialize personal identification number 
encryption keys function. 

20 32. The system of claim 1 8, wherein the means for receiving the remote 

operator's selection further comprises means for receiving the selection according to 
a predetermined user entitlement corresponding to the user identification. 

33. The system of claim 18, wherein the means for allowing the remote 
operator to access the application for the selected function further comprises means 

25 for allowing the remote operator to access the application for the selected function 
according to a predetermined user entitlement corresponding to the user 
identification. 

34. The system of claim 1 8, wherein the means for allowing the remote 
operator to access the application for the selected function further comprises means 

30 for allowing the remote operator to access the application for the selected function 
selected from a group of operator functions consisting of a reboot function, a stop 



Method And System For Remote Operator Interface With A Self-Service Financial Transaction Terminal 
24 



PATENT 

Attorney Docket No. CITI0199/T009 1-195421 
Express Mail No EL 694906866 US 

function, stop immediately function, a start function, a configure function, a view 

configuration function, a view software release information function, a view status 

function, a view integrated network controller and host connection status function, a 

start peruse function, a view event logs function, a view event logs in real-time 
5 function, a write event logs to file function, a start back administration function, a 

start command shell function, and an initialize personal identification number 

encryption keys function. 

35. A method for remote operator interface with a self-service financial 

terminal, comprising: 
10 providing the self-service financial terminal with a web server 

application having a URL address; 

allowing the remote operator to enter the URL address for the web 

server application on a browser application of a computing device coupled to the 

self-service financial terminal over a network; 
1 5 displaying a logon screen at the personal computer for the remote 

operator; 

receiving entry of a user identification for the remote operator at the 
personal computer; 

displaying a menu of self-service financial terminal operator functions 
20 for the remote operator according to a predetermined entitlement corresponding to 
the user identification; 

receiving the remote operator's selection of at least one of the self- 
service financial terminal operator function; and 

allowing the remote operator to access an application for the selected 
25 self-service financial terminal operator function. 
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ABSTRACT 

A method and system for remote operator interface with a self-service 
transaction terminal, such as an ATM makes use of a set of web based applications 
5 for operator functions to enable the remote operator to access the operator functions 
over a standard browser from a remote operator interface client PC. Each ATM with 
which the remote operator interface is used has a set of web based applications that 
supports the operator functions. The operator accesses the ATM from the client PC 
by bringing up the browser and entering a URL to point to a specific ATM. The 

1 0 remote operator interface supports a plurality of supervisory type functions and 

enables the user to administer a plurality of ATMs for which it is configured to allow 
the particular functions to be performed. Communication via the remote operator 
interface is secure over a private network or virtual private network (VPN) over the 
Internet. The remote operator must be authenticated to gain access, and the 

1 5 operator's entitlements may limit access. 
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